Principal Security Architect

Overview

The Principal Security Architect is a key member of the CISO organization responsible for establishing and governing secure technology architecture across hybrid and multi‑cloud environments.

• Engage in project intake and early design phases to define security requirements prior to implementation.
• Partner with infrastructure, application, and cloud teams to embed security‑by‑design to reduce downstream rework and exception volume.
• Serve as subject‑matter expert for the design and secure adoption of infrastructure, cloud platforms, applications, and enterprise technologies.
• Lead security architecture review and assurance activities, assessing designs, diagrams, and implementations against enterprise standards, reference architectures, threat models, and control requirements.
• Identify and drive remediation of security and control gaps across identity, network segmentation, data protection, logging/monitoring, key management, CI/CD, and third‑party integrations.
• Design security architecture for Microsoft Fabric lakehouse patterns, secure data ingestion pipelines, and data governance controls.
• Define secure ingestion and connectivity patterns for on‑premises and third‑party platforms.
• Define and enforce security architecture for AI platforms and agent‑based solutions.
• Assess and integrate acquired entities into the enterprise security architecture.
• Define and maintain Microsoft Entra  architecture standards.
• Define secure network architecture patterns across on‑premises and cloud environments.
• Define enterprise logging, telemetry, and monitoring architecture requirements.
• Own and maintain enterprise security configuration standards and baselines across endpoints, infrastructure, cloud platforms, and controlled environments.
• Perform detailed security risk assessments and translate findings into actionable risk narratives and roadmaps.
• Provide architectural guidance during major incidents and support post‑incident reviews.
• Participate in compliance and audit activities.
• Maintain work effort status within SLAs on service desk and task management platforms.
• Perform other duties as assigned.

• Minimum 10 years of IS/IT experience, including 5+ years in information security architecture, engineering, or related senior technical roles.
• Bachelor’s degree in information systems or equivalent; MBA or MS in Information Security preferred.
• Minimum of 3 active security certifications at hire (e.g., CISSP, CCSP, GCSA, GCLD, GCAD, GPCS, CKS, CCAK, OSCP) or to be obtained within 6 months.
• Demonstrated senior technical leadership across multiple security domains.
• Experience designing security architecture for hybrid and multi‑cloud environments.
• Experience securing Azure and AWS environments across multiple subscriptions/accounts.
• Strong knowledge of identity and access management, Conditional Access, RBAC, privileged access management, and application identity governance.
• Experience with phishing‑resistant MFA, encryption, key management, secrets management, infrastructure‑as‑code, CI/CD, SIEM, SOAR, vulnerability management, and CSPM solutions.
• Knowledge of regulatory requirements (HIPAA, HITECH, NIST, ISO 27001).
• Excellent communication skills and ability to produce standards, diagrams, technical documentation, and executive‑level reporting.
• Self‑starter with ownership of security challenges.

$ – $

Brown University Health is committed to providing equal employment opportunities. The workplace is free from unlawful discrimination and harassment.

Remote – Rhode Island (Providence, RI 02901)